top | item 3575044

(no title)

noobiscus | 14 years ago

IANAL - but with the DPA and other EU data/privacy laws: at the point that the data was collected inside but transmitted outside the EU. Its treated somewhat like an export, or a border control. (this is why Apple allow you to preclude your app from certain local markets; enter the market, and you ARE bound by its laws for your actions in that market)

On the other hand; DPA violation doesn't result in prison, just a (potentially large) fine.

On the third hand, its quite possible that Path did not violate the DPA (although its possible they did). The DPA, in short states that you have to gather personal info for a specific, consensual purpose, and not use it for any other, and also store it in a way that protects it from loss/theft/misuse - where misuse includes deciding 6 months down the line to use it for another purpose. It also means that if your 'purpose' for holding that information ceases, you are legally obligated to purge the data - your legal permission to hold ends.

So; was there consent - almost certainly not, hence possible DPA violation. But once it was clear they had no broad public consent - they immediately purged the data, so possibly no _deliberate_ violation, and certainly a demonstration of willingness to correct the situation.

discuss

No comments yet.